Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the application:
Listing of Claims:

1. (Previously presented) A method for a decryptor to obtain a decryption key from a key
release agent comprising: 

a decryptor obtaining an encryption block comprising a data ciphertext requiring
a decryption key to decrypt, the encryption block further comprising key related information 
associated with a first {public key, private key} pair, the encryption block further comprising a 
key ciphertext consisting of the decryption key encrypted by the first public key of the first 
{public key, private key} pair, the encryption block not including an ACD (access controlled 
decryption) block; 

the decryptor generating a key release request containing the key ciphertext, and 
the key related information and outputting the key release request to the key release agent, the
key release request for use by the key release agent to locate decryptor authorization logic stored 
externally to the key release request that is to be applied in determining whether or not to release 
the decryption key; 

in the event the decryption key is to be released, the decryptor receiving a key
release response specifying the decryption key. 

2. (Previously presented) A method according to claim 1 further comprising:

the decryptor making decryptor information available to the key release agent, the
decryptor information for use by the key release agent in determining decryptor attributes, the
decryptor attributes for further use in determining whether or not to release the decryption key.

3. (Original) A method according to claim 1 further comprising the decryptor using the 
decryption key to decrypt the data ciphertext. 



Appl. No. 09/746,015

Amdmt. Dated December 13, 2005

Reply to Office Action of September 20, 2005

4. (Original) A method according to claim 1 wherein the decryptor making the decryptor
information available to the key release agent comprises including the decryptor information in 
the key release request. 

5. (Previously presented) A method according to claim 2 wherein the decryptor making the 
decryptor information available to the key release agent comprises the decryptor providing the
decryptor information to the key release agent while establishing a secure connection with the 
key release agent. 

6. (Previously presented) A method according to claim 2 wherein the decryptor making the 
decryptor information available to the key release agent comprises providing a decryptor
identifier which may be used to look up decryptor attributes stored in a repository external to the 
key release request. 

7. (Original) A method according to claim 1 wherein the key related information comprises a
key pair identifier. 

8. (Original) A method according to claim 1 further comprising: 

before generating the key release request, the decryptor determining if the private 
key of the first {public key, private key} pair is available at the decryptor; 

upon determining the private key of the first {public key, private key} pair is not
available at the decryptor generating the key release request. 

9. (Original) A method according to claim 1 further comprising: 

decrypting at least a portion of the key release response containing an encrypted 
version of the decryption key using a private key of a second {public key, private key} pair to 
recover the decryption key. 

10. (Previously presented) A method according to claim 1 wherein the encryption block
comprises a plurality of key related information associated with a respective plurality of first
{public key, private key} pairs, and a respective plurality of key ciphertexts each consisting of
the decryption key encrypted by the public key of a respective one of the plurality of first {public
key, private key} pairs associated with the plurality of key related information, the method
comprising:

generating the key release request containing the plurality of key ciphertexts, and
the associated plurality of key related information.

11. (Original) A method according to claim 10 further comprising:

before generating the key release request, determining if at least one private key
of the plurality of first {public key, private key} pairs is available at the decryptor;

upon determining none of the private keys of the plurality of first {public key,
private key} pairs is available at the decryptor generating the key release request.

12. (Cancelled) 

13. (Previously presented) A key release method comprising: 

receiving a key ciphertext and key related information in respect of a key used to 
encrypt the key ciphertext from a decryptor; 

locating decryptor authorization logic stored externally to the decryptor with use 
of the key related information; 

obtaining decryptor information in respect of the decryptor;

deciding based on the decryptor information and the decryptor authorization logic 
whether decryption of the key ciphertext is to be permitted.

14. (Original) A method according to claim 13 wherein the decryptor information is received 
from the decryptor together with the key ciphertext and key related information.

15. (Original) A method according to claim 13 wherein obtaining decryptor information 
comprises receiving the decryptor information while establishing a secure connection with the
decryptor.

16. (Original) A method according to claim 13 wherein obtaining decryptor information
comprises: 

receiving from the decryptor a decryptor identifier; 

using the decryptor identifier to lookup decryptor attributes from a public 
repository, the decryptor identifier and decryptor attributes together constituting the decryptor 
information.

17. (Original) A method according to claim 13 further comprising: 

using information in a certificate as the decryptor information.

18. (Original) A method according to claim 17 further comprising: 

obtaining the certificate from a certificate repository. 

19. (Original) A method according to claim 17 further comprising receiving the certificate 
together with the key ciphertext and key related information. 

20. (Original) A method according to claim 13 wherein the decryptor information is an identity 
or role of the decryptor, an alias, or a claim of access rights or privilege, or some other attribute
of the decryptor of a corresponding decrypting device or platform.

21. (Original) A method according to claim 13 wherein the key related information comprises a 
key pair identifier. 

22. (Original) A method according to claim 13 further comprising: 

decrypting the key ciphertext, re-encrypting the key using a public key of a 
{public key, private key} pair to produce a re-encrypted key, the private key of which is
available to the decryptor, and sending the re-encrypted key to the decryptor. 

23. (Original) A method according to claim 13 further comprising: 

decrypting the key ciphertext to obtain a decryption key;

sending the decryption key to the decryptor over a secure channel. 

24. (Original) A method according to claim 13 further comprising:

decrypting the key ciphertext to obtain a decryption key; 

using a symmetric key available to the decryptor, encrypting the decryption key 
with the symmetric key to produce an encrypted decryption key, and sending the encrypted 
decryption key to the decryptor. 

25. (Previously presented) A method according to claim 13 further comprising: 

receiving a plurality of key ciphertexts and respective key related information 
from the decryptor and determining whether at least one private key required to decrypt a 
respective at least one key ciphertext of the plurality of key ciphertexts is available; 

using the respective key related information to locate respective decryptor
authorization logic stored externally to the decryptor; and 

upon determining such at least one private key is available, deciding based on the 
decryptor information and the respective decryptor authorization logic whether decryption of at 
least one of the plurality of key ciphertexts is to be permitted. 

26. (Original) A method according to claim 25 further comprising:

decrypting one of the key ciphertexts using a corresponding private key to recover 
a decryption key. 

27. (Previously presented) A method according to claim 25 wherein deciding based on 
decryptor information of the decryptor and the respective decryptor authorization logic whether 
decryption of at least one of the key ciphertexts is to be permitted comprises applying the 
respective decryptor authorization logic associated with each public key used to encrypt the 
decryption key to the decryptor information to determine whether the decryptor should be 
permitted access to the decryption key.

28. (Previously presented) A method according to claim 13 wherein deciding based on
decryptor information of the decryptor and the decryptor authorization logic whether decryption
of the key ciphertext is to be permitted comprises applying at least one rule of the decryptor
authorization logic associated with the public key used to encrypt the decryption key to the
decryptor information to determine whether the decryptor should be permitted access to the 
decryption key. 

29. (Previously presented) A method of controlling access to a decryption key comprising: 

receiving from a decryptor a key release request comprising decryptor 
information and the decryption key encrypted using a public key; 

locating decryption authorization logic stored externally to the key release request 
with use of the public key;

applying the decryption authorization logic to the decryptor information to 
determine whether the decryptor should be permitted access to the decryption key;

upon determining the decryptor should be permitted access to the decryption key,
sending a key release response specifying the decryption key. 

30. (Previously presented) A method of controlling access to decryption keys comprising: 

maintaining a private key repository comprising a plurality of access identifiers, 
and for each access identifier at least one key related information of a respective {public key,
private key} pair, the repository also containing the private key of each {public key, private key}
pair;

receiving a key release request containing a decryption key encrypted using a
public key of a {public key, private key} pair and containing a key related information
associated with the {public key, private key} pair;

maintaining a repository residing externally to the key release request associating
each access identifier with respective decryptor authorization logic that can be applied to a 
decryptor information; 

obtaining decryptor information; 

for each access identifier in association with which the key related information is
stored, applying the respective decryptor authorization logic to the decryptor information 
specified in the key release request; 

in the event the decryptor information satisfies at least one of the respective 
decryptor authorization logics, decrypting the ciphertext to recover the decryption key, and
sending a key release response to the decryptor specifying the decryption key. 

31. (Original) An administrative interface comprising:

a private key repository maintenance function adapted to allow adding and
deleting of a key related information and associated private key of a {public key, private key}
pair; and

a decryptor authorization logic definition function adapted to allow the definition
of decryptor authorization logic to be applied to decryptor information to determine eligibility to
decrypt, and for each decryptor authorization logic to select one or more of the key related
information in respect of which the rule is to be applied.

32. (Original) An administrative interface according to claim 31 wherein the private key
repository maintenance function is further adapted to store the key related information and
associated private key of a {public key, private key} pair in association with one of a plurality of
access identifiers;

and wherein the decryptor authorization logic definition function is further
adapted to store each authorization logic in association with one of the plurality of access 
identifiers. 

33. (Currently amended) A decryptor comprising:

means for obtaining an encryption block comprising a data ciphertext requiring a
decryption key to decrypt, the encryption block further comprising key related information
associated with a first {public key, private key} pair, the encryption block further comprising a
key ciphertext consisting of the decryption key encrypted by the first public key of the first 
{public key, private key} pair, the encryption block not including an ACD (access controlled 
decryption) block; 

means for generating a key release request containing the key ciphertext, and the 
key related information and outputting the key release request to the key release agent; 

means for making decryptor information available to the key release
agent, the decryptor information for use by the key release agent to obtain decryptor
authorization logic stored externally to the key release request that is to be applied in 
determining whether or not to release the decryption key; 

means for receiving a key release response specifying the decryption key. 

34. (Cancelled) 

35. (Previously presented) A decryptor according to claim 33 further comprising means for 
using the decryption key to decrypt the data ciphertext. 

36. (Original) A decryptor according to claim 33 adapted to make the decryptor information
available to the key release agent by including the decryptor information in the key release 
request. 

37. (Original) A decryptor according to claim 33 further comprising means for decrypting at 
least a portion of the key release response containing an encrypted version of the decryption key 
using a private key of a second {public key, private key} pair to recover the decryption key. 

38. (Previously presented) A key release agent comprising: 

means for receiving from a decryptor a key ciphertext and key related information
in respect of a key used to encrypt the key ciphertext;

means for locating decryptor authorization logic stored externally to the decryptor
with use of the key related information;

means for obtaining decryptor information in respect of the decryptor; and

means for deciding based on decryptor information of the decryptor and the
decryptor authorization logic whether decryption of the key ciphertext is to be permitted.
39. (Original) A key release agent according to claim 38 adapted to receive the decryptor 
information together with the key ciphertext and key related information. 

40. (Previously presented) A key release agent according to claim 38 adapted to use a decryptor 
identifier to lookup decryptor attributes from a repository, the decryptor identifier and decryptor 
attributes together constituting the decryptor information.

41. (Previously presented) A key release agent according to claim 38 further comprising:

decrypting means for decrypting the key ciphertext;

encryption means for re-encrypting the key using a public key of a {public key,
private key} pair to produce a re-encrypted key, the private key of which is available to the
decryptor;

means for sending the re-encrypted key to the decryptor.

42. (Previously presented) A key release agent according to claim 38 further comprising: 

means for applying decryptor authorization logic associated with each public key
used to encrypt the decryption key to the decryptor information for determining whether the 
decryptor should be permitted access to the decryption key. 
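
The key release flow recited in claims 13 and 30, worked through as an added Python example that is not part of the application as filed. Textbook RSA over two fixed small primes stands in for the public-key scheme, and the names KeyReleaseAgent, request_key and build_demo, the access identifier "finance", the key pair identifier "kp-1" and the "role" attribute are assumptions made for the illustration.

```python
# Added illustration; all names and sample values are constructed.
# Stand-in cipher: textbook RSA over two fixed Mersenne primes, no padding.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the agent


class KeyReleaseAgent:
    def __init__(self):
        self.private_keys = {}  # access identifier -> {key pair id: (d, n)}
        self.auth_logic = {}    # access identifier -> rule over decryptor info

    def add_key(self, access_id, key_id, private_key):
        self.private_keys.setdefault(access_id, {})[key_id] = private_key

    def set_logic(self, access_id, rule):
        self.auth_logic[access_id] = rule

    def release(self, request):
        """Return the decryption key, or None when no logic is satisfied."""
        info = request["decryptor_info"]
        for access_id, keys in self.private_keys.items():
            if request["key_id"] not in keys:
                continue  # key related information not stored under this id
            rule = self.auth_logic.get(access_id)
            if rule is not None and rule(info):  # no rule means no release
                d, n = keys[request["key_id"]]
                return pow(request["key_ciphertext"], d, n)
        return None


def build_demo():
    """Agent with one key pair and one rule, plus an encryption block."""
    agent = KeyReleaseAgent()
    agent.add_key("finance", "kp-1", (D, N))
    agent.set_logic("finance", lambda info: info.get("role") == "auditor")
    content_key = 0x00112233445566778899AABBCCDDEEFF  # constructed data key
    block = {"key_id": "kp-1", "key_ciphertext": pow(content_key, E, N)}
    return agent, content_key, block


def request_key(agent, block, decryptor_info):
    # Key release request: key ciphertext, key related information and
    # decryptor information; the authorization logic stays with the agent.
    return agent.release(dict(block, decryptor_info=decryptor_info))


if __name__ == "__main__":
    agent, key, block = build_demo()
    print(request_key(agent, block, {"role": "auditor"}) == key)
    print(request_key(agent, block, {"role": "intern"}))
```

Here the decryptor information travels inside the request, as in claim 14; claims 15 to 19 instead obtain it from a secure connection, a repository lookup or a certificate.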